CN112956236B - Method and device for processing safety information in switching process, network equipment and terminal - Google Patents


Publication number
CN112956236B
Authority
CN
China
Prior art keywords
base station
target base
terminal
key
base stations
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201980073085.7A
Other languages
Chinese (zh)
Other versions
CN112956236A (en
Inventor
尤心
卢前溪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W36/00: Hand-off or reselection arrangements

Abstract

The embodiments of the application provide a method and a device for processing security information in a handover process, a network device and a terminal. The method comprises the following steps: a source base station generates a plurality of corresponding first keys for a plurality of target base stations; and the source base station sends the plurality of first keys to the plurality of target base stations respectively, the first keys being used for communication between the target base stations and the terminal.

Description

Method and device for processing safety information in switching process, network equipment and terminal
Technical Field
The embodiment of the application relates to the technical field of mobile communication, in particular to a method and a device for processing security information in a switching process, network equipment and a terminal.
Background
The handover process comprises a handover preparation process, a handover execution process and a handover completion process. The handover preparation process includes cell measurement by the terminal, measurement reporting by the terminal, transmission of a handover command by the network, and the like. When the terminal is successfully handed over to a target base station, the terminal considers the handover complete, and the next handover still requires a handover preparation process. This redundant handover preparation process brings extra signaling overhead, so how to support continuous handover of the terminal, and in particular the updating of the security key during continuous handover, is a problem to be solved.
Disclosure of Invention
The embodiment of the application provides a method and a device for processing security information in a switching process, network equipment and a terminal.
The method for processing security information in a handover process provided by the embodiment of the application comprises the following steps:
the source base station generates a plurality of corresponding first keys for a plurality of target base stations;
and the source base station sends the plurality of first keys to the plurality of target base stations respectively, the first keys being used for communication between the target base stations and the terminal.
The method for processing security information in a handover process provided by the embodiment of the application comprises the following steps:
a terminal receives a handover command sent by a source base station, wherein the handover command comprises first configuration information and handover conditions of a plurality of target base stations;
when the terminal determines that a first target base station among the plurality of target base stations meets the handover condition, the terminal generates a first key corresponding to the first target base station and accesses the first target base station, wherein the first key corresponding to the first target base station is used for communication between the terminal and the first target base station;
and after the terminal successfully accesses the first target base station, the terminal retains all or part of the information carried in the handover command.
The device for processing security information in a handover process provided by the embodiment of the application is applied to a source base station, and comprises:
a generating unit, configured to generate a plurality of corresponding first keys for a plurality of target base stations;
a sending unit, configured to send the multiple first keys to the multiple target base stations, respectively, where the first keys are used for the target base stations to communicate with a terminal.
The device for processing security information in a handover process provided by the embodiment of the application is applied to a terminal, and comprises:
a receiving unit, configured to receive a handover command sent by a source base station, where the handover command includes first configuration information and handover conditions of multiple target base stations;
a generating unit, configured to generate a first key corresponding to a first target base station among the multiple target base stations and access the first target base station when it is determined that the first target base station satisfies the handover condition, where the first key corresponding to the first target base station is used for the terminal to communicate with the first target base station;
and a storage unit, configured to retain all or part of the information carried in the handover command after the first target base station is successfully accessed.
The network device provided by the embodiment of the application comprises a processor and a memory. The memory is used for storing a computer program, and the processor is used for calling and running the computer program stored in the memory to execute the above method for processing security information in a handover process.
The terminal provided by the embodiment of the application comprises a processor and a memory. The memory is used for storing a computer program, and the processor is used for calling and running the computer program stored in the memory to execute the above method for processing security information in a handover process.
The chip provided by the embodiment of the application is used for implementing the above method for processing security information in a handover process.
Specifically, the chip includes a processor, configured to call and run a computer program from a memory, so that a device on which the chip is installed executes the above method for processing security information in a handover process.
The computer-readable storage medium provided in the embodiments of the present application is used for storing a computer program, and the computer program enables a computer to execute the above method for processing security information in a handover process.
The computer program product provided by the embodiment of the present application includes computer program instructions, and the computer program instructions enable a computer to execute the above method for processing security information in a handover process.
When the computer program provided by the embodiment of the application runs on a computer, the computer is enabled to execute the above method for processing security information in a handover process.
With the above technical solution, on the one hand, a plurality of target base stations are configured in the handover command, and after the terminal successfully accesses one target base station, all or part of the information carried in the handover command is retained for the continuous handover to the next target base station, thereby avoiding a redundant handover preparation process; on the other hand, the security key is updated during continuous handover, which guarantees the security of communication.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic diagram of a communication system architecture provided in an embodiment of the present application;
fig. 2 is a handover flowchart according to an embodiment of the present application;
fig. 3 is a flowchart of a Conditional handover provided in an embodiment of the present application;
FIG. 4 is a schematic diagram of key derivation provided by an embodiment of the present application;
fig. 5 is a schematic diagram of key update in a handover process according to an embodiment of the present application;
fig. 6 is a first flowchart illustrating a method for processing security information in a handover process according to an embodiment of the present application;
fig. 7 (a) is a schematic view of a first application scenario provided in an embodiment of the present application;
fig. 7 (b) is a schematic view of a second application scenario provided in an embodiment of the present application;
fig. 8 is a second flowchart illustrating a method for processing security information in a handover process according to an embodiment of the present application;
fig. 9 is a third flowchart illustrating a method for processing security information in a handover process according to an embodiment of the present application;
fig. 10 is a fourth flowchart illustrating a method for processing security information in a handover process according to an embodiment of the present application;
fig. 11 is a first schematic structural diagram of a security information processing apparatus in a handover process according to an embodiment of the present disclosure;
fig. 12 is a schematic structural diagram of a second apparatus for processing security information in a handover process according to an embodiment of the present application;
fig. 13 is a schematic structural diagram of a communication device according to an embodiment of the present application;
FIG. 14 is a schematic block diagram of a chip according to an embodiment of the present application;
fig. 15 is a schematic block diagram of a communication system according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical scheme of the embodiment of the application can be applied to various communication systems, for example: a Global System for Mobile communications (GSM) System, a Code Division Multiple Access (CDMA) System, a Wideband Code Division Multiple Access (WCDMA) System, a General Packet Radio Service (GPRS), a Long Term Evolution (Long Term Evolution, LTE) System, an LTE Frequency Division Duplex (FDD) System, an LTE Time Division Duplex (TDD), a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication System, or a 5G System.
Illustratively, a communication system 100 applied in the embodiment of the present application is shown in fig. 1. The communication system 100 may include a network device 110, and the network device 110 may be a device that communicates with a terminal 120 (or referred to as a communication terminal, a terminal). Network device 110 may provide communication coverage for a particular geographic area and may communicate with terminals located within the coverage area. Alternatively, the Network device 110 may be a Base Station (BTS) in a GSM system or a CDMA system, a Base Station (NodeB, NB) in a WCDMA system, an evolved Node B (eNB or eNodeB) in an LTE system, or a wireless controller in a Cloud Radio Access Network (CRAN), or a Network device in a Mobile switching center, a relay, an Access point, a vehicle-mounted device, a wearable device, a hub, a switch, a bridge, a router, a Network-side device in a 5G Network, or a Network device in a Public Land Mobile Network (PLMN) for future evolution, or the like.
The communication system 100 further comprises at least one terminal 120 located within the coverage area of the network device 110. As used herein, "terminal" includes, but is not limited to, a connection via a wireline, such as via a Public Switched Telephone Network (PSTN), a Digital Subscriber Line (DSL), a Digital cable, a direct cable connection; and/or another data connection/network; and/or via a Wireless interface, such as for a cellular Network, a Wireless Local Area Network (WLAN), a digital television Network such as a DVB-H Network, a satellite Network, an AM-FM broadcast transmitter; and/or means of another terminal arranged to receive/transmit communication signals; and/or Internet of Things (IoT) devices. A terminal that is arranged to communicate over a wireless interface may be referred to as a "wireless communication terminal", "wireless terminal", or "mobile terminal". Examples of mobile terminals include, but are not limited to, satellite or cellular telephones; personal Communications Systems (PCS) terminals that may combine cellular radiotelephones with data processing, facsimile, and data Communications capabilities; PDAs that may include radiotelephones, pagers, internet/intranet access, web browsers, notepads, calendars, and/or Global Positioning System (GPS) receivers; and conventional laptop and/or palmtop receivers or other electronic devices that include a radiotelephone transceiver. A terminal can refer to an access terminal, user Equipment (UE), a subscriber unit, a subscriber station, mobile, remote station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or user equipment. 
An access terminal may be a cellular telephone, a cordless telephone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device having Wireless communication capabilities, a computing device or other processing device connected to a Wireless modem, a vehicle mounted device, a wearable device, a terminal in a 5G network, or a terminal in a future evolved PLMN, etc.
Optionally, the terminals 120 may perform Device-to-Device (D2D) communication with one another.
Alternatively, the 5G system or the 5G network may also be referred to as a New Radio (NR) system or an NR network.
Fig. 1 exemplarily shows one network device and two terminals, and optionally, the communication system 100 may include a plurality of network devices and may include other numbers of terminals within the coverage of each network device, which is not limited in this embodiment of the present application.
Optionally, the communication system 100 may further include other network entities such as a network controller, a mobility management entity, and the like, which is not limited in this embodiment.
It should be understood that, in the embodiments of the present application, a device having a communication function in a network/system may be referred to as a communication device. Taking the communication system 100 shown in fig. 1 as an example, the communication device may include a network device 110 and a terminal 120 having a communication function, and the network device 110 and the terminal 120 may be the specific devices described above and are not described again here; the communication device may also include other devices in the communication system 100, such as other network entities, for example, a network controller, a mobility management entity, and the like, which are not limited in this embodiment.
It should be understood that the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
For the convenience of understanding the technical solutions of the embodiments of the present application, the following description is provided for the related art of the embodiments of the present application, and any combination of the related art and the technical solutions of the embodiments of the present application falls within the scope of the embodiments of the present application.
1) Handover (Handover, HO)
Referring to fig. 2, fig. 2 is a handover flowchart provided in the embodiment of the present application. The handover flow mainly includes the following steps:
1. The source base station issues a measurement configuration to the terminal.
2. The terminal performs the related measurements based on the measurement configuration and reports the measurement result to the source base station.
3. The source base station makes a handover decision (handover decision) based on the measurement result.
4. The source base station initiates a handover request (Handover Request) to the target base station.
5. The target base station performs admission control (Admission Control).
6. The target base station sends a handover request acknowledgement message (Handover Request Ack) to the source base station.
7. The source base station sends an RRC connection reconfiguration message to the terminal, where the RRC connection reconfiguration message carries mobility control information (mobility control information) of the target base station.
Here, the RRC connection reconfiguration message is carried in a handover command.
8. The source base station performs SN status transfer (SN Status Transfer) to the target base station.
9. The terminal synchronizes to the target base station.
10a. The target base station performs periodic uplink allocation (Periodic UL allocation) for the terminal.
10b. The target base station configures an uplink allocation and Tracking Area (TA) for the terminal.
11. The terminal sends an RRC connection reconfiguration complete message to the target base station.
12. The target base station initiates a path switch request to the MME.
13. The MME initiates a modify bearer request to the serving gateway (Serving Gateway).
14. The serving gateway switches the downlink path.
15. The serving gateway sends a modify bearer response message to the MME.
16. The MME sends a path switch request acknowledgement message to the target base station.
17. The target base station notifies the source base station to release the terminal context.
18. The source base station releases the resources.
The handover process in fig. 2 mainly includes the following procedures:
Handover preparation (steps 1-6 in fig. 2): the source base station configures the terminal for measurement reporting, and sends a handover request to the target base station based on the result reported by the terminal. When the target base station agrees to the handover request, the target base station configures an RRC message for the terminal. The RRC message carries mobility control information (mobility control information), which includes a Random Access Channel (RACH) resource, a Cell-Radio Network Temporary Identifier (C-RNTI), the target base station security algorithm, a system message of the target base station, and the like.
Handover execution (steps 7-11 in fig. 2): the source base station forwards the mobility control information to the terminal through the handover command, and the terminal initiates a random access process to the target base station after receiving the handover command. Meanwhile, the source base station may forward a Serial Number status transfer (SN STATUS TRANSFER) to the target base station, informing the target base station of the uplink Packet Data Convergence Protocol (PDCP) SN receiving status and the downlink PDCP SN sending status.
Handover completion (steps 12-18 in fig. 2): after the terminal successfully accesses the target base station (i.e. the random access succeeds), the target base station initiates a path switch request (PATH SWITCH REQUEST) to request the Mobility Management Entity (MME) to switch the downlink path. After the path switch is completed, the target base station instructs the source base station to release the context of the terminal, and the handover is complete.
2) Conditional handover (Conditional handover)
Some special scenarios, such as high-speed terminal movement or high-frequency conditions, require frequent handover. Conditional handover configures a handover command for the terminal in advance, which avoids the problem that an overly long handover preparation time makes the handover too late by the time the terminal needs to be handed over. In addition, in a high-speed rail scenario the trajectory of the terminal is specific, so the base station can allocate the target base station to the terminal in advance. The handover command includes a condition for triggering the terminal to perform handover (hereinafter referred to as a handover condition), and when the target base station meets the handover condition, the terminal initiates an access request to the target base station.
Further, a plurality of target base stations (i.e., a plurality of target cells) and handover conditions may be configured in the handover command in the Conditional handover scenario. The terminal determines which target cell to access based on the configured handover conditions.
As shown in fig. 3, the Conditional handover mainly includes the following steps:
1. Measurement configuration and reporting of the measurement result are performed between the terminal and the source base station.
Here, the source base station issues a measurement configuration to the terminal, and the terminal performs the related measurements based on the measurement configuration and reports the measurement result to the source base station.
2. A handover preparation process is performed between the source base station and the target base station.
3. The source base station sends a handover command to the terminal, where the handover command carries the configuration information and the handover conditions of the target base stations.
4. When the target base station meets the handover condition, the terminal synchronizes to the target base station (i.e. the terminal accesses the target base station).
3) Key update in handover procedure
As shown in fig. 4, key derivation (i.e., key update) includes the following two types:
Horizontal derivation of the key: $K_{NG\text{-}RAN}^{*}$ is generated based on $K_{gNB}$ and the Physical Cell Identity (PCI) and downlink frequency (DL frequency) of the target cell (the cell of the target base station).
Vertical derivation of the key: $K_{NG\text{-}RAN}^{*}$ is generated based on the Next Hop (NH) and the PCI and downlink frequency (DL frequency) of the target cell (the cell of the target base station). Further, NH may be generated based on the Next hop chain count (NCC).
In fig. 4, the base station is taken to be a gNB as an example: the original key is denoted $K_{gNB}$, and the derived new key is denoted $K_{NG\text{-}RAN}^{*}$ or $K_{gNB}^{*}$. If the base station is an eNB, the original key is denoted $K_{eNB}$ and the derived new key is denoted $K_{eNB}^{*}$.
It should be noted that data communicated between the base station and the terminal is encrypted with an encryption algorithm that takes the key and other parameters as input, so the key used by the base station and the key used by the terminal need to be kept consistent. When the terminal accesses a target base station, the terminal and the target base station need to determine the key to be used through horizontal derivation or vertical derivation of the key.
As shown in fig. 5, the key update in the handover process includes the following steps:
1. The source base station sends a handover request message to the target base station. The handover request message carries the security capability of the terminal, the security algorithm used by the source base station, $K_{NG\text{-}RAN}^{*}$, and the NCC.
Here, $K_{NG\text{-}RAN}^{*}$ is generated by the source base station according to the PCI and the downlink frequency of the target base station.
2. The target base station uses $K_{NG\text{-}RAN}^{*}$ as $K_{gNB}$ and stores it in association with the NCC.
3. The target base station sends the NCC and the security algorithm selected by the target base station to the source base station, and the source base station sends a handover command to the terminal, where the handover command carries the NCC and the security algorithm selected by the target base station.
4. The terminal synchronizes NH according to the received NCC, calculates $K_{gNB}$, and stores it in association with the NCC.
5. The terminal sends a handover complete message to the target base station.
6. The target base station sends a path switch request message to the target Access and Mobility Management Function (T-AMF).
7. The T-AMF updates the NCC by NCC = NCC + 1.
Here, updating the NCC by NCC = NCC + 1 means adding 1 to the value of the NCC.
8. The T-AMF sends a path switch request acknowledgement message to the target base station, where the path switch request acknowledgement message carries {NH, NCC}.
9. The target base station stores the {NH, NCC} for use in the next handover.
10. The terminal initiates an intra-cell (Intra cell) handover procedure to the target base station.
In the key update of fig. 5, the source base station, the target base station, and the terminal perform the following processing:
For the source base station: $K_{NG\text{-}RAN}^{*}$ is generated based on the PCI and downlink frequency of the target base station. Further, if there is an unused {NH, NCC}, $K_{NG\text{-}RAN}^{*}$ is generated based on the NH and the PCI and downlink frequency of the target base station; if there is no unused {NH, NCC}, $K_{NG\text{-}RAN}^{*}$ is generated using the existing $K_{gNB}$ and the PCI and downlink frequency of the target base station. The generated $K_{NG\text{-}RAN}^{*}$ is forwarded to the target base station. $K_{NG\text{-}RAN}^{*}$ is used as $K_{gNB}$ after the handover is complete. The NCC used for generating $K_{NG\text{-}RAN}^{*}$ is carried in the handover command.
For the target base station: the target base station uses the received $K_{NG\text{-}RAN}^{*}$ as $K_{gNB}$ to communicate with the terminal; it associates the NCC received from the source base station with $K_{gNB}$; it includes the NCC in the handover command, which is sent to the terminal through the source base station; and after the handover is complete, the target base station sends a path switch request to the T-AMF.
For the terminal: if the NCC received in the handover command is equal to the NCC associated with the current $K_{gNB}$ on the terminal side, $K_{NG\text{-}RAN}^{*}$ is generated based on $K_{gNB}$ and the PCI and downlink frequency of the target base station. If the NCC received in the handover command is different from the NCC associated with the current $K_{gNB}$ on the terminal side, NH is generated based on the stored NCC, and $K_{NG\text{-}RAN}^{*}$ is generated based on the generated NH and the PCI and downlink frequency of the target base station. The terminal uses the generated $K_{NG\text{-}RAN}^{*}$ as $K_{gNB}$ to communicate with the target base station.
In fig. 5, the base station is taken to be a gNB as an example: the original key is denoted $K_{gNB}$, and the derived new key is denoted $K_{NG\text{-}RAN}^{*}$ or $K_{gNB}^{*}$. If the base station is an eNB, the original key is denoted $K_{eNB}$ and the derived new key is denoted $K_{eNB}^{*}$.
Based on the above handover procedure, even if multiple target base stations are configured in the handover command, when the terminal successfully switches to one of the target base stations, the handover is considered to be completed, and for the next handover, handover preparation and other procedures are still required. In order to avoid a redundant handover preparation process, an embodiment of the present application provides a method for supporting continuous handover of a terminal, so as to implement updating of a security key in the continuous handover.
Fig. 6 is a first flowchart illustrating a method for processing security information in a handover process according to an embodiment of the present application, where as shown in fig. 6, the method for processing security information in a handover process includes the following steps:
step 601: the source base station generates a plurality of corresponding first keys for a plurality of target base stations.
In the embodiment of the present application, the source base station and the target base station may be, but are not limited to, a gNB, an eNB, an NG-gNB, and the like. Further, the types of the source base station and the target base station may be the same or different.
The embodiment of the application can be applied to a Conditional handover scenario, in which a source base station sends a handover command to a terminal, and the handover command includes first configuration information and handover conditions of a plurality of target base stations. Here, the first configuration information is, for example, an RRC connection reconfiguration message. The handover condition is, for example, a Reference Signal Receiving Power (RSRP) threshold. When the terminal determines that a first target base station among the target base stations meets the handover condition (for example, the RSRP measurement value of the first target base station is greater than or equal to the RSRP threshold), the terminal accesses the first target base station. After the terminal successfully accesses the first target base station, all or part of the information carried in the handover command is retained.
In one scenario, as shown in fig. 7 (a), the terminal moves along a specific trajectory, starting from the source base station and accessing the target base station 1, the target base station 2, and so on up to the target base station 6 in sequence, and the terminal does not move back and forth. In this case, after the terminal successfully accesses the target base station 1, the first configuration information of the target base stations other than the target base station 1 is retained for use in the next continuous handover. Then, when the terminal detects during its movement that the target base station 2 meets the handover condition and successfully accesses the target base station 2, the first configuration information of the target base stations other than the target base station 2 is retained for use in the next continuous handover. By analogy, continuous handover is realized and redundant handover preparation processes are avoided.
In another scenario, as shown in fig. 7 (b), the trajectory of the terminal is unpredictable: starting from the source base station, the terminal may access any one of the target base stations 1 to 6. In this case, after the terminal successfully accesses the target base station 1, the first configuration information of all 6 target base stations continues to be retained for use in the next continuous handover. Then, if the terminal detects during its movement that the target base station 6 meets the handover condition, after the target base station 6 is successfully accessed, the first configuration information of the 6 target base stations continues to be retained for use in the next continuous handover. By analogy, continuous handover is realized and redundant handover preparation processes are avoided.
In the continuous switching process, a source base station generates a plurality of corresponding first keys for a plurality of target base stations, and respectively sends the plurality of first keys to the plurality of target base stations, wherein the first keys are used for the communication between the target base stations and a terminal. It should be noted that, data communicated between the base station and the terminal is encrypted by using the key and other parameters and then using an encryption algorithm, and the key used by the base station and the key used by the terminal need to be consistent.
Step 602: and the source base station respectively sends the plurality of first keys to the plurality of target base stations, and the first keys are used for the communication between the target base stations and the terminal.
In this embodiment of the present application, the source base station generates multiple corresponding first keys for multiple target base stations, which may be implemented in the following manner:
Method one: the source base station generates a plurality of first keys corresponding to the plurality of target base stations based on a second key of the source base station, where the second key is used for communication between the source base station and the terminal.
Further, the source base station sends the first keys to the target base stations respectively.
Here, after the source base station generates a plurality of first keys corresponding to the plurality of target base stations based on the second key of the source base station, the first keys of the plurality of target base stations are not updated.
Further, for each target base station in the target base stations, the source base station generates a first key corresponding to the target base station based on the second key of the source base station and the PCI and/or downlink frequency information of the target base station, and sends the first key to the target base station.
For example: the second key of the source base station is K_gNB. Assume that 3 target base stations are configured in the handover command, namely target base station 1, target base station 2, and target base station 3. For target base station 1, the source base station generates K1_NG-RAN* based on K_gNB and the PCI and downlink frequency of target base station 1. For target base station 2, the source base station generates K2_NG-RAN* based on K_gNB and the PCI and downlink frequency of target base station 2. For target base station 3, the source base station generates K3_NG-RAN* based on K_gNB and the PCI and downlink frequency of target base station 3.
Method two: the source base station receives first indication information sent by the terminal or by a first target base station among the plurality of target base stations, where the first indication information indicates that the terminal has successfully accessed the first target base station and carries the first key corresponding to the first target base station; the source base station then generates first keys corresponding to the target base stations other than the first target base station based on the first key corresponding to the first target base station.
Further, the source base station sends the first keys corresponding to the other target base stations to those target base stations, respectively.
Here, as the terminal moves, the accessed target base station may change, so the first key of the currently accessed target base station that the source base station receives may be continuously updated, and the source base station regenerates the first keys of the other target base stations based on the updated first key. The first keys of the other target base stations may therefore be updated.
Further, for each target base station in the other target base stations, the source base station generates a first key corresponding to the target base station based on the first key corresponding to the first target base station and the PCI and/or downlink frequency information of the target base station, and sends the first key to the target base station.
For example: assume that 3 target base stations are configured in the handover command, namely target base station 1, target base station 2, and target base station 3. After the terminal successfully accesses the target base station 1, the terminal or the target base station 1 sends the first key of the target base station 1 to the source base station. The source base station generates the first key of the target base station 2 based on the first key of the target base station 1 and the PCI and downlink frequency of the target base station 2; the source base station generates the first key of the target base station 3 based on the first key of the target base station 1 and the PCI and downlink frequency of the target base station 3. The source base station then issues the first key of the target base station 2 and the first key of the target base station 3 to the target base station 2 and the target base station 3 respectively. After that, the terminal continues to move and keeps monitoring the channel quality of the other configured target base stations; when the target base station 2 meets the handover condition, the terminal accesses the target base station 2 and communicates with it using the first key of the target base station 2.
Optionally, when the source base station sends the updated key to the other target base stations, the other target base stations may update the feedback configuration information, and the like.
Optionally, the terminal may actively report its operating scenario (for example, moving at a high speed or moving under a high-frequency condition), so that the base station can conveniently configure conditional handover.
For method two, if the target base station accessed by the terminal changes, the source base station regenerates the first keys of the other target base stations based on the first key of the target base station that the terminal has newly accessed.
Fig. 8 is a second flowchart illustrating a method for processing security information in a handover process according to an embodiment of the present application, where as shown in fig. 8, the method for processing security information in a handover process includes the following steps:
Step 801: The terminal receives a handover command sent by a source base station, where the handover command includes first configuration information and handover conditions of a plurality of target base stations.
In the embodiment of the application, the terminal can be any equipment capable of communicating with a network, such as a mobile phone, a tablet computer, a notebook computer, a vehicle-mounted terminal, a wearable device and the like.
The embodiment of the present application can be applied to a conditional handover scenario, in which the terminal receives a handover command sent by a source base station, and the handover command includes first configuration information and handover conditions of a plurality of target base stations. Here, the first configuration information is, for example, an RRC connection reconfiguration message. The handover condition is, for example, an RSRP threshold value.
Step 802: When the terminal determines that a first target base station among the target base stations meets the handover condition, the terminal generates a first key corresponding to the first target base station and accesses the first target base station, where the first key corresponding to the first target base station is used for communication between the terminal and the first target base station.
In this embodiment of the application, when the terminal determines that a first target base station among the plurality of target base stations meets the handover condition (for example, the RSRP measurement value of the first target base station is greater than or equal to the RSRP threshold value), it generates a first key corresponding to the first target base station and accesses the first target base station, and the first key corresponding to the first target base station is used for communication between the terminal and the first target base station.
Here, the terminal generating the first key corresponding to the first target base station may be implemented by:
Method one: the terminal generates a first key corresponding to the first target base station based on a second key of the source base station, where the second key is used for communication between the source base station and the terminal.
Further, the terminal generates a first key corresponding to the first target base station based on the second key of the source base station and the PCI and/or downlink frequency information of the first target base station.
For example: the second key of the source base station is K_gNB. Assume that 3 target base stations are configured in the handover command, namely target base station 1, target base station 2, and target base station 3. When the terminal accesses the target base station 1, it generates K1_NG-RAN* based on K_gNB and the PCI and downlink frequency of the target base station 1, and uses K1_NG-RAN* as K_gNB to communicate with the target base station 1. When the terminal accesses the target base station 2, it generates K2_NG-RAN* based on K_gNB and the PCI and downlink frequency of the target base station 2, and uses K2_NG-RAN* as K_gNB to communicate with the target base station 2. When the terminal accesses the target base station 3, it generates K3_NG-RAN* based on K_gNB and the PCI and downlink frequency of the target base station 3, and uses K3_NG-RAN* as K_gNB to communicate with the target base station 3.
For method one, the keys between the terminal and all the target base stations configured in the handover command are generated based on the PCI and downlink frequency of the target base station and the second key of the source base station. Consequently, when the terminal is successfully handed over to any target base station, the second key of the source base station needs to be saved for subsequent key derivation.
Optionally, other cell identification information may be added when performing key derivation based on the second key, and the identification information is carried in the handover command.
Method two: the terminal generates a first key corresponding to the first target base station based on the latest key of the terminal.
Further, the terminal generates a first key corresponding to the first target base station based on the latest key of the terminal and the PCI and/or downlink frequency information of the first target base station.
Here, the latest key of the terminal is a second key of the source base station; or the latest secret key of the terminal is a first secret key corresponding to a second target base station in the target base stations, and the second target base station is a target base station accessed by the terminal before accessing the first target base station.
For example: assume that 3 target base stations are configured in the handover command, namely target base station 1, target base station 2, and target base station 3. After the terminal successfully accesses the target base station 1, the terminal uses the first key of the target base station 1 to communicate with the target base station 1. After the terminal successfully accesses the target base station 2, the terminal generates the first key of the target base station 2 by using the first key of the target base station 1 and the PCI and downlink frequency of the target base station 2, and communicates with the target base station 2 by using the first key of the target base station 2. After the terminal successfully accesses the target base station 3, the terminal generates the first key of the target base station 3 by using the first key of the target base station 2 and the PCI and downlink frequency of the target base station 3, and communicates with the target base station 3 by using the first key of the target base station 3.
Step 803: After the terminal successfully accesses the first target base station, it retains all or part of the information carried in the handover command.
In the embodiment of the application, after the terminal successfully accesses the first target base station, all or part of the information carried in the handover command is retained.
In one scenario, as shown in fig. 7 (a), the terminal has a specific trajectory, starting from the source base station and accessing the target base station 1, the target base station 2, and the target base station 6 in sequence, and the terminal does not turn back. In this case, after the terminal successfully accesses the target base station 1, the first configuration information of the target base stations other than the target base station 1 is retained for use in the next continuous handover. Then, while moving, the terminal detects that the target base station 2 meets the handover condition, and after the target base station 2 is successfully accessed, the first configuration information of the target base stations other than the target base station 2 is retained for use in the next continuous handover. By analogy, continuous handover is realized and redundant handover preparation procedures are avoided.
In another scenario, as shown in fig. 7 (b), the trajectory of the terminal is unpredictable: starting from the source base station, it may access any one of the target base stations 1 to 6. In this case, after the terminal successfully accesses the target base station 1, the first configuration information of all 6 target base stations continues to be retained for use in the next continuous handover. Then, if the terminal detects while moving that the target base station 6 meets the handover condition, after the target base station 6 is successfully accessed, the first configuration information of the 6 target base stations continues to be retained for use in the next continuous handover. By analogy, continuous handover is realized and redundant handover preparation procedures are avoided.
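The two derivation methods described above (method one from the second key of the source base station, method two from the latest key), run on both the source base station side and the terminal side, as an added example that is not part of the patent text. The HMAC-SHA-256 key derivation function, its input encoding, the class and function names, and the sample PCI and downlink frequency values are assumptions; the source base station is also assumed to provision every target base station from K_gNB before the first access.

```python
import hashlib
import hmac

FC = 0x70  # assumed function-code byte for the KDF input string


def derive_first_key(base_key: bytes, pci: int, dl_freq: int) -> bytes:
    """Derive a target's first key from a base key, the target PCI and its
    downlink frequency number (assumed encoding: FC || P0 || L0 || P1 || L1)."""
    p0 = pci.to_bytes(2, "big")
    p1 = dl_freq.to_bytes(3, "big")
    s = (bytes([FC]) + p0 + len(p0).to_bytes(2, "big")
         + p1 + len(p1).to_bytes(2, "big"))
    return hmac.new(base_key, s, hashlib.sha256).digest()


# Constructed sample data: second key of the source base station and
# target id -> (PCI, downlink frequency number) from the handover command.
K_GNB = bytes(range(32))
TARGETS = {1: (101, 632628), 2: (202, 633696), 3: (303, 634080)}


class Terminal:
    """Terminal side of step 802."""

    def __init__(self, k_gnb, targets, chained):
        self.k_gnb = k_gnb      # method one: kept after every handover
        self.latest = k_gnb     # method two: replaced after every handover
        self.targets = targets
        self.chained = chained  # False = method one, True = method two

    def access(self, target_id):
        base = self.latest if self.chained else self.k_gnb
        self.latest = derive_first_key(base, *self.targets[target_id])
        return self.latest


class SourceBaseStation:
    """Source side: tracks the first key each target currently holds."""

    def __init__(self, k_gnb, targets):
        self.targets = targets
        # Initial provisioning of all targets from the second key.
        self.issued = {t: derive_first_key(k_gnb, *cell)
                       for t, cell in targets.items()}

    def on_first_indication(self, accessed_id, accessed_key):
        """Method two: regenerate the first keys of all other targets from
        the first key of the target the terminal has just accessed."""
        for t, cell in self.targets.items():
            if t != accessed_id:
                self.issued[t] = derive_first_key(accessed_key, *cell)


def simulate(path, chained, regenerate=True):
    """Walk the terminal along `path` and report, per hop, whether the
    terminal's key equals the key held by the accessed target."""
    source = SourceBaseStation(K_GNB, TARGETS)
    ue = Terminal(K_GNB, TARGETS, chained)
    in_sync = []
    for target_id in path:
        ue_key = ue.access(target_id)
        in_sync.append(hmac.compare_digest(ue_key, source.issued[target_id]))
        if chained and regenerate:
            # First indication information carries the accessed target's key.
            source.on_first_indication(target_id, source.issued[target_id])
    return in_sync


if __name__ == "__main__":
    print("method one, any order :", simulate([3, 1, 2, 1], chained=False))
    print("method two, regenerated:", simulate([1, 2, 3], chained=True))
    print("method two, stale keys :", simulate([1, 2, 3], chained=True,
                                               regenerate=False))
```

With `regenerate=False` the method-two run falls out of step after the first hop, because the other target base stations still hold keys derived from K_gNB while the terminal derives from its latest key.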
The technical solutions in the embodiments of the present application are illustrated below with reference to specific flows, and it should be noted that the technical solutions in the embodiments of the present application are not limited to the following flows.
Fig. 9 is a third schematic flowchart of a method for processing security information in a handover process according to an embodiment of the present application, where as shown in fig. 9, the process includes the following steps:
1. The source base station generates K_eNB* based on K_eNB.
Here, the key of the source base station is K_eNB, and the value of the NCC associated with it is 0, i.e. NCC = 0. The security information on the source base station side is recorded as K_eNB, NCC = 0.
Similarly, since the terminal currently accesses the source base station, the security information on the terminal side is also K_eNB, NCC = 0.
The source base station generates K_eNB* of the target base station 1 based on its own K_eNB and the PCI and downlink frequency of the target base station 1, and associates K_eNB* with NCC = 0.
2. The source base station forwards K_eNB*, NCC = 0 to the target base station 1.
3. The target base station 1 sets K_eNB* as K_eNB, NCC = 0.
Here, after the target base station 1 sets K_eNB* as K_eNB, K_eNB is used for communication between the target base station 1 and the terminal.
4. The source base station sends a handover command to the terminal.
Here, the handover command carries RRC reconfiguration messages and handover conditions of the plurality of target base stations. Here, two target base stations are taken as an example, and are a target base station 1 and a target base station 2.
5. The terminal generates K_eNB* based on K_eNB and sets K_eNB* as K_eNB, NCC = 0.
Here, the terminal generates K_eNB* of the target base station 1 based on K_eNB and the PCI and downlink frequency of the target base station 1, and associates K_eNB* with NCC = 0. After the terminal sets K_eNB* as K_eNB, K_eNB is used for communication between the terminal and the target base station 1.
6. The target base station 1 transmits a path switch request message to the MME.
7. The MME updates the NCC; the current security information is K_eNB, NCC = 1.
8. The MME sends a path switch response message to the target base station 1.
9. The target base station 1 sends first indication information to the source base station, where the first indication information carries NCC = 1.
10. The source base station updates NH based on NCC = 1, and generates K_eNB* based on NH.
Here, the source base station generates K_eNB* of the target base station 2 based on NH and the PCI and downlink frequency of the target base station 2, and associates K_eNB* with NCC = 1.
11. The source base station forwards the security information K_eNB*, NCC = 1 to the target base station 2.
12. The source base station transmits NCC = 1 to the terminal.
Here, NCC = 1 may be transmitted from the target base station 1 to the terminal.
13. The terminal generates K_eNB* based on K_eNB and sets K_eNB* as K_eNB, NCC = 1.
Here, the terminal generates K_eNB* of the target base station 2 based on K_eNB and the PCI and downlink frequency of the target base station 2, and associates K_eNB* with NCC = 1. After the terminal sets K_eNB* as K_eNB, K_eNB is used for communication between the terminal and the target base station 2.
14. The target base station 2 sets K_eNB* as K_eNB, NCC = 1.
Here, after the target base station 2 sets K_eNB* as K_eNB, K_eNB is used for communication between the target base station 2 and the terminal.
It should be noted that the above scheme takes the LTE system as an example; the process in the 5G system is similar and is not described again.
Fig. 10 is a fourth schematic flowchart of a method for processing security information in a handover process according to an embodiment of the present application, where as shown in fig. 10, the process includes the following steps:
1. The source base station generates K_eNB* based on K_eNB.
Here, the key of the source base station is K_eNB, and the value of the NCC associated with it is 0, i.e. NCC = 0. The security information on the source base station side is recorded as K_eNB, NCC = 0.
Similarly, since the terminal currently accesses the source base station, the security information on the terminal side is also K_eNB, NCC = 0.
The source base station generates K_eNB* of the target base station 1 based on its own K_eNB and the PCI and downlink frequency of the target base station 1, and associates K_eNB* with NCC = 0.
The source base station generates K_eNB* of the target base station 2 based on its own K_eNB and the PCI and downlink frequency of the target base station 2, and associates K_eNB* with NCC = 0.
The source base station generates K_eNB* of the target base station 3 based on its own K_eNB and the PCI and downlink frequency of the target base station 3, and associates K_eNB* with NCC = 0.
2. The source base station forwards K_eNB*, NCC = 0 to the target base station 1, the target base station 2, and the target base station 3, respectively.
3. The target base station 1 sets K_eNB* as K_eNB, NCC = 0.
Here, after the target base station 1 sets K_eNB* as K_eNB, K_eNB is used for communication between the target base station 1 and the terminal.
4. The source base station sends a handover command to the terminal.
Here, the handover command carries RRC reconfiguration messages and handover conditions of the plurality of target base stations. Here, three target base stations are taken as an example, and are a target base station 1, a target base station 2, and a target base station 3.
5. The terminal generates K_eNB* based on K_eNB and sets K_eNB* as K_eNB, NCC = 0.
Here, the terminal generates K_eNB* of the target base station 1 based on K_eNB and the PCI and downlink frequency of the target base station 1, and associates K_eNB* with NCC = 0. After the terminal sets K_eNB* as K_eNB, K_eNB is used for communication between the terminal and the target base station 1.
6. A random access procedure is performed between the terminal and the target base station 1.
7. The target base station 2 sets K_eNB* as K_eNB, NCC = 0.
Here, after the target base station 2 sets K_eNB* as K_eNB, K_eNB is used for communication between the target base station 2 and the terminal.
8. The terminal generates K_eNB* based on K_eNB and sets K_eNB* as K_eNB, NCC = 0.
Here, the terminal generates K_eNB* of the target base station 2 based on K_eNB and the PCI and downlink frequency of the target base station 2, and associates K_eNB* with NCC = 0. After the terminal sets K_eNB* as K_eNB, K_eNB is used for communication between the terminal and the target base station 2.
9. A random access procedure is performed between the terminal and the target base station 2.
10. The target base station 3 sets K_eNB* as K_eNB, NCC = 0.
Here, after the target base station 3 sets K_eNB* as K_eNB, K_eNB is used for communication between the target base station 3 and the terminal.
11. The terminal generates K_eNB* based on K_eNB and sets K_eNB* as K_eNB, NCC = 0.
Here, the terminal generates K_eNB* of the target base station 3 based on K_eNB and the PCI and downlink frequency of the target base station 3, and associates K_eNB* with NCC = 0. After the terminal sets K_eNB* as K_eNB, K_eNB is used for communication between the terminal and the target base station 3.
12. A random access procedure is performed between the terminal and the target base station 3.
It should be noted that the above scheme takes the LTE system as an example; the process in the 5G system is similar and is not described again.
It should be noted that the above technical solution in the embodiment of the present application is not limited to cell handover between base stations (inter-NodeB, inter-NB), but may also be applied to cell handover within a base station (intra-NodeB, intra-NB). Inter-NB cell handover refers to handover between two cells belonging to different target base stations. Intra-NB cell handover refers to handover between two cells belonging to the same target base station.
Fig. 11 is a schematic structural diagram of a first apparatus for processing security information in a handover process according to an embodiment of the present application, where the apparatus is applied to a source base station, and as shown in fig. 11, the apparatus includes:
a generating unit 1101, configured to generate a plurality of corresponding first keys for a plurality of target base stations;
a sending unit 1102, configured to send the multiple first keys to the multiple target base stations, respectively, where the first keys are used for the target base stations to communicate with a terminal.
In an embodiment, the generating unit 1101 is configured to generate a plurality of first keys corresponding to a plurality of target base stations based on a second key of the source base station, where the second key is used for the source base station to communicate with a terminal.
In an embodiment, for each target base station in the plurality of target base stations, the generating unit 1101 generates a first key corresponding to the target base station based on the second key of the source base station and the PCI and/or downlink frequency information of the target base station.
In one embodiment, the apparatus further comprises:
a receiving unit 1103, configured to receive first indication information sent by a terminal or a first target base station in multiple target base stations, where the first indication information is used to indicate that the terminal successfully accesses the first target base station, and the first indication information carries a first key corresponding to the first target base station;
the generating unit 1101 is configured to generate a first key corresponding to a target base station other than the first target base station in the plurality of target base stations based on the first key corresponding to the first target base station;
the sending unit 1102 is configured to send the first keys corresponding to the other target base stations, respectively.
In an embodiment, for each of the other target base stations, the generating unit 1101 generates the first key corresponding to the target base station based on the first key corresponding to the first target base station and the PCI and/or downlink frequency information of the target base station.
In an embodiment, the sending unit 1102 is further configured to send a handover command to the terminal, where the handover command includes the first configuration information and the handover condition of the multiple target base stations.
It should be understood by those skilled in the art that the description related to the apparatus for processing the security information in the handover process in the embodiment of the present application may be understood by referring to the description related to the method for processing the security information in the handover process in the embodiment of the present application.
Fig. 12 is a schematic structural diagram of a second apparatus for processing security information in a handover process according to an embodiment of the present application, where the apparatus is applied to a terminal, and as shown in fig. 12, the apparatus includes:
a receiving unit 1201, configured to receive a handover command sent by a source base station, where the handover command includes first configuration information and handover conditions of multiple target base stations;
a generating unit 1202, configured to, when it is determined that a first target base station among the plurality of target base stations satisfies the handover condition, generate a first key corresponding to the first target base station and access the first target base station, where the first key corresponding to the first target base station is used for communication between the terminal and the first target base station;
a saving unit 1203, configured to reserve all or part of the information carried in the handover command after the first target base station is successfully accessed.
In an embodiment, the generating unit 1202 is configured to generate a first key corresponding to the first target base station based on a second key of the source base station, where the second key is used for the source base station to communicate with a terminal.
In an embodiment, the generating unit 1202 is configured to generate a first key corresponding to the first target base station based on the second key of the source base station and the PCI and/or downlink frequency information of the first target base station.
In an embodiment, the generating unit 1202 is configured to generate a first key corresponding to the first target base station based on a latest key of the terminal.
In an embodiment, the generating unit 1202 is configured to generate a first key corresponding to the first target base station based on a latest key of the terminal and the PCI and/or downlink frequency information of the first target base station.
In one embodiment, the latest key of the terminal is the second key of the source base station; or,
the latest key of the terminal is a first key corresponding to a second target base station in the target base stations, and the second target base station is a target base station accessed by the terminal before accessing the first target base station.
It should be understood by those skilled in the art that the description related to the apparatus for processing the security information in the handover process in the embodiment of the present application may be understood by referring to the description related to the method for processing the security information in the handover process in the embodiment of the present application.
Fig. 13 is a schematic structural diagram of a communication device 600 according to an embodiment of the present application. The communication device may be a network device, such as a base station, or a terminal, and the communication device 600 shown in fig. 13 includes a processor 610, and the processor 610 may call and execute a computer program from a memory to implement the method in the embodiment of the present application.
Optionally, as shown in fig. 13, the communication device 600 may further include a memory 620. From the memory 620, the processor 610 may call and run a computer program to implement the method in the embodiment of the present application.
The memory 620 may be a separate device from the processor 610, or may be integrated into the processor 610.
Optionally, as shown in fig. 13, the communication device 600 may further include a transceiver 630, and the processor 610 may control the transceiver 630 to communicate with other devices, and in particular, may transmit information or data to the other devices or receive information or data transmitted by the other devices.
The transceiver 630 may include a transmitter and a receiver, among others. The transceiver 630 may further include one or more antennas.
Optionally, the communication device 600 may specifically be a network device according to this embodiment, and the communication device 600 may implement a corresponding process implemented by the network device in each method according to this embodiment, which is not described herein again for brevity.
Optionally, the communication device 600 may specifically be a mobile terminal/terminal according to this embodiment, and the communication device 600 may implement a corresponding process implemented by the mobile terminal/terminal in each method according to this embodiment, which is not described herein again for brevity.
Fig. 14 is a schematic structural diagram of a chip of the embodiment of the present application. The chip 700 shown in fig. 14 includes a processor 710, and the processor 710 can call and run a computer program from a memory to implement the method in the embodiment of the present application.
Optionally, as shown in fig. 14, the chip 700 may further include a memory 720. From the memory 720, the processor 710 can call and run a computer program to implement the method in the embodiment of the present application.
The memory 720 may be a separate device from the processor 710, or may be integrated into the processor 710.
Optionally, the chip 700 may further include an input interface 730. The processor 710 may control the input interface 730 to communicate with other devices or chips, and in particular, may obtain information or data transmitted by other devices or chips.
Optionally, the chip 700 may further include an output interface 740. The processor 710 may control the output interface 740 to communicate with other devices or chips, and in particular, may output information or data to the other devices or chips.
Optionally, the chip may be applied to the network device in the embodiment of the present application, and the chip may implement a corresponding process implemented by the network device in each method in the embodiment of the present application, and for brevity, details are not described here again.
Optionally, the chip may be applied to the mobile terminal/terminal in the embodiment of the present application, and the chip may implement a corresponding process implemented by the mobile terminal/terminal in each method in the embodiment of the present application, and for brevity, no further description is given here.
It should be understood that the chip mentioned in the embodiments of the present application may also be referred to as a system-level chip, a system chip, a chip system, or a system-on-chip.
Fig. 15 is a schematic block diagram of a communication system 900 according to an embodiment of the present application. As shown in fig. 15, the communication system 900 includes a terminal 910 and a network device 920.
The terminal 910 may be configured to implement corresponding functions implemented by the terminal in the foregoing method, and the network device 920 may be configured to implement corresponding functions implemented by the network device in the foregoing method, which are not described herein again for brevity.
It should be understood that the processor of the embodiments of the present application may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. The processor may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with its hardware.
It will be appreciated that the memory in the embodiments of the present application can be either volatile memory or non-volatile memory, or can include both volatile and non-volatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
It should be understood that the above memories are exemplary but not limiting illustrations, for example, the memories in the embodiments of the present application may also be Static Random Access Memory (SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (enhanced SDRAM, ESDRAM), synchronous Link DRAM (SLDRAM), direct Rambus RAM (DR RAM), and the like. That is, the memory in the embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
An embodiment of the present application further provides a computer-readable storage medium for storing a computer program.
Optionally, the computer-readable storage medium may be applied to the network device in the embodiment of the present application, and the computer program enables a computer to execute corresponding processes implemented by the network device in the methods in the embodiment of the present application, which are not described herein again for brevity.
Optionally, the computer-readable storage medium may be applied to the mobile terminal/terminal in the embodiment of the present application, and the computer program enables the computer to execute the corresponding process implemented by the mobile terminal/terminal in each method in the embodiment of the present application, which is not described herein again for brevity.
Embodiments of the present application also provide a computer program product comprising computer program instructions.
Optionally, the computer program product may be applied to the network device in the embodiment of the present application, and the computer program instructions enable the computer to execute corresponding processes implemented by the network device in the methods in the embodiment of the present application, which are not described herein again for brevity.
Optionally, the computer program product may be applied to the mobile terminal/terminal in the embodiment of the present application, and the computer program instruction causes the computer to execute a corresponding flow implemented by the mobile terminal/terminal in each method in the embodiment of the present application, which is not described herein again for brevity.
The embodiment of the application also provides a computer program.
Optionally, the computer program may be applied to the network device in the embodiment of the present application, and when the computer program runs on a computer, the computer is enabled to execute a corresponding process implemented by the network device in each method in the embodiment of the present application, and for brevity, details are not described here again.
Optionally, the computer program may be applied to the mobile terminal/terminal in the embodiment of the present application, and when the computer program runs on a computer, the computer is enabled to execute the corresponding process implemented by the mobile terminal/terminal in each method in the embodiment of the present application, which is not described herein again for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solutions of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (24)

1. A method for processing security information in a handover process, the method comprising:
the source base station generates a plurality of corresponding first keys for a plurality of target base stations;
the source base station sends the first keys to the target base stations respectively, and the first keys are used for the communication between the target base stations and terminals;
wherein the source base station generating a plurality of corresponding first keys for a plurality of target base stations comprises:
the source base station receives first indication information sent by a terminal or by a first target base station among the plurality of target base stations, wherein the first indication information is used for indicating that the terminal has successfully accessed the first target base station and carries a first key corresponding to the first target base station;
the source base station generates first keys corresponding to other target base stations except the first target base station in the target base stations based on the first key corresponding to the first target base station;
for each target base station in the other target base stations, the source base station generates a first key corresponding to the target base station based on the first key corresponding to the first target base station and the PCI and/or downlink frequency information of the target base station, and sends the first key to the target base station.
2. The method of claim 1, wherein the source base station generates a corresponding plurality of first keys for a plurality of target base stations, further comprising:
the source base station generates a plurality of first keys corresponding to a plurality of target base stations based on a second key of the source base station, wherein the second key is used for the source base station to communicate with a terminal.
3. The method of claim 2, wherein, for each target base station in the plurality of target base stations, the source base station generates a first key corresponding to the target base station based on the second key of the source base station and the PCI and/or downlink frequency information of the target base station, and transmits the first key to the target base station.
4. The method of any of claims 1 to 3, wherein the method further comprises:
the source base station sends a handover command to a terminal, wherein the handover command comprises first configuration information and handover conditions of the plurality of target base stations.
5. A method for processing security information in a handover process, the method comprising:
a terminal receives a handover command sent by a source base station, wherein the handover command comprises first configuration information and handover conditions of a plurality of target base stations;
in a case where the terminal determines that a first target base station among the plurality of target base stations satisfies the handover condition, the terminal generates a first key corresponding to the first target base station and accesses the first target base station, wherein the first key corresponding to the first target base station is used for the terminal to communicate with the first target base station;
after successfully accessing the first target base station, the terminal retains all or part of the information carried in the handover command.
6. The method of claim 5, wherein the generating a first key corresponding to the first target base station comprises:
and the terminal generates a first key corresponding to the first target base station based on a second key of the source base station, wherein the second key is used for the source base station to communicate with the terminal.
7. The method of claim 6, wherein the terminal generating a first key corresponding to the first target base station based on a second key corresponding to the source base station comprises:
and the terminal generates a first key corresponding to the first target base station based on the second key of the source base station and the PCI and/or downlink frequency information of the first target base station.
8. The method of claim 5, wherein the generating a first key corresponding to the first target base station comprises:
and the terminal generates a first key corresponding to the first target base station based on the latest key of the terminal.
9. The method of claim 8, wherein the terminal generating a first key corresponding to the first target base station based on a latest key of the terminal comprises:
and the terminal generates a first key corresponding to the first target base station based on the latest key of the terminal and the PCI and/or downlink frequency information of the first target base station.
10. The method of claim 8 or 9, wherein
the latest key of the terminal is a second key of the source base station; or,
the latest key of the terminal is a first key corresponding to a second target base station in the plurality of target base stations, and the second target base station is a target base station accessed by the terminal before accessing the first target base station.
11. An apparatus for processing security information in handover process, applied to a source base station, the apparatus comprising:
a generating unit, configured to generate a plurality of corresponding first keys for a plurality of target base stations;
a sending unit, configured to send the multiple first keys to the multiple target base stations, respectively, where the first keys are used for the target base stations to communicate with a terminal;
the device further comprises:
a receiving unit, configured to receive first indication information sent by a terminal or a first target base station in multiple target base stations, where the first indication information is used to indicate that the terminal successfully accesses the first target base station, and the first indication information carries a first key corresponding to the first target base station;
the generating unit is configured to generate a first key corresponding to a target base station other than the first target base station in the plurality of target base stations based on the first key corresponding to the first target base station;
the sending unit is configured to send the first keys corresponding to the other target base stations, respectively;
wherein, for each of the other target base stations, the generating unit generates the first key corresponding to the target base station based on the first key corresponding to the first target base station and the PCI and/or downlink frequency information of the target base station.
12. The apparatus of claim 11, wherein the generating unit is configured to generate a plurality of first keys corresponding to a plurality of target base stations based on a second key of the source base station, and the second key is used for the source base station to communicate with a terminal.
13. The apparatus of claim 12, wherein for each of the plurality of target base stations, the generating unit generates the first key corresponding to the target base station based on the second key of the source base station and the PCI and/or downlink frequency information of the target base station.
14. The apparatus according to any one of claims 11 to 13, wherein the sending unit is further configured to send a handover command to a terminal, where the handover command includes the first configuration information and the handover condition of the plurality of target base stations.
15. An apparatus for processing security information in a handover process, applied to a terminal, the apparatus comprising:
a receiving unit, configured to receive a handover command sent by a source base station, where the handover command includes first configuration information and handover conditions of multiple target base stations;
a generating unit, configured to, when it is determined that a first target base station among the multiple target base stations satisfies the handover condition, generate a first key corresponding to the first target base station and access the first target base station, where the first key corresponding to the first target base station is used for the terminal to communicate with the first target base station;
a storage unit, configured to retain all or part of the information carried in the handover command after the first target base station is successfully accessed.
16. The apparatus of claim 15, wherein the generating unit is configured to generate a first key corresponding to the first target base station based on a second key of the source base station, and the second key is used for the source base station to communicate with a terminal.
17. The apparatus of claim 16, wherein the generating unit is configured to generate the first key corresponding to the first target base station based on the second key of the source base station and the PCI and/or downlink frequency information of the first target base station.
18. The apparatus of claim 15, wherein the generating unit is configured to generate the first key corresponding to the first target base station based on a latest key of the terminal.
19. The apparatus of claim 18, wherein the generating unit is configured to generate the first key corresponding to the first target base station based on a latest key of the terminal and PCI and/or downlink frequency information of the first target base station.
20. The apparatus of claim 18 or 19, wherein
the latest key of the terminal is a second key of the source base station; or,
the latest key of the terminal is a first key corresponding to a second target base station in the target base stations, and the second target base station is a target base station accessed by the terminal before accessing the first target base station.
21. A network device, comprising: a processor and a memory for storing a computer program, the processor being adapted to invoke and execute the computer program stored in the memory, performing the method of any of claims 1 to 4.
22. A terminal, comprising: a processor and a memory for storing a computer program, the processor being adapted to invoke and execute the computer program stored in the memory, performing the method of any of claims 5 to 10.
23. A computer-readable storage medium storing a computer program for causing a computer to perform the method of any one of claims 1 to 4.
24. A computer-readable storage medium storing a computer program for causing a computer to perform the method of any one of claims 5 to 10.
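
The key handling in claims 1 to 3 and 5 to 10, as an added example that is not part of the patent text: the source base station derives one first key per target from its second key plus the target's PCI and downlink frequency, the terminal derives the same key from its latest key when it accesses a target, and after a successful access the keys of the remaining targets are re-derived from the accessed target's first key. The patent does not name a key derivation function; HMAC-SHA-256 over a function-code byte and length-tagged parameters (in the style of the 3GPP generic KDF), the `FC` value, all names and all sample values are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

FC = 0x70  # assumed function-code byte; the patent does not specify one


@dataclass(frozen=True)
class Target:
    name: str     # label used only in this example
    pci: int      # physical cell identity of the target base station
    dl_freq: int  # downlink frequency number of the target base station


def derive_first_key(base_key: bytes, target: Target) -> bytes:
    """Derive a target's first key from a base key, its PCI and DL frequency."""
    if len(base_key) != 32:
        raise ValueError("base key must be 256 bits")
    if not (0 <= target.pci < 1 << 16 and 0 <= target.dl_freq < 1 << 24):
        raise ValueError("PCI or downlink frequency out of range")
    p0 = target.pci.to_bytes(2, "big")
    p1 = target.dl_freq.to_bytes(3, "big")
    # S = FC || P0 || L0 || P1 || L1; the length tags keep the encoding unambiguous.
    s = (bytes([FC]) + p0 + len(p0).to_bytes(2, "big")
         + p1 + len(p1).to_bytes(2, "big"))
    return hmac.new(base_key, s, hashlib.sha256).digest()


def source_prepare(base_key: bytes, targets) -> dict:
    """Source side: one first key per target; each target is sent only its own."""
    return {t.name: derive_first_key(base_key, t) for t in targets}


class Terminal:
    """Terminal side: keeps the handover command and its latest key."""

    def __init__(self, second_key: bytes, candidates):
        self.latest_key = second_key  # initially the source's second key
        self.candidates = {t.name: t for t in candidates}  # retained after access

    def access(self, name: str) -> bytes:
        # Handover condition met for `name`: derive from the latest key.
        self.latest_key = derive_first_key(self.latest_key, self.candidates[name])
        return self.latest_key


def run_demo() -> dict:
    k_src = bytes(range(32))  # constructed second key of the source base station
    targets = [                # constructed candidate cells
        Target("A", 101, 620000),
        Target("B", 202, 632000),
        Target("C", 303, 620000),  # same frequency as A, different PCI
    ]
    # Before any handover: keys derived from the source's second key.
    phase1 = source_prepare(k_src, targets)
    ue = Terminal(k_src, targets)
    k_b = ue.access("B")

    # After the success indication for B: keys for the other targets are
    # re-derived from B's first key and sent out again.
    others = [t for t in targets if t.name != "B"]
    phase2 = source_prepare(phase1["B"], others)
    k_c = ue.access("C")  # terminal's latest key is now B's first key

    return {
        "ue_matches_B": hmac.compare_digest(k_b, phase1["B"]),
        "ue_matches_C_after_rekey": hmac.compare_digest(k_c, phase2["C"]),
        "phase1_keys_distinct": len(set(phase1.values())) == len(targets),
        "stale_C_key_rejected": not hmac.compare_digest(k_c, phase1["C"]),
    }


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {ok}")
```

The last check shows why the re-derivation step matters: a target still holding a key issued before the terminal's first handover no longer shares a key with the terminal.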
CN201980073085.7A 2019-02-02 2019-02-02 Method and device for processing safety information in switching process, network equipment and terminal Active CN112956236B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/074628 WO2020155157A1 (en) 2019-02-02 2019-02-02 Security information processing method and apparatus during handover process, network device, and terminal

Publications (2)

Publication Number Publication Date
CN112956236A CN112956236A (en) 2021-06-11
CN112956236B CN112956236B (en) 2022-10-21

Family

ID=71840682

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980073085.7A Active CN112956236B (en) 2019-02-02 2019-02-02 Method and device for processing safety information in switching process, network equipment and terminal

Country Status (2)

Country Link
CN (1) CN112956236B (en)
WO (1) WO2020155157A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116367153A (en) * 2021-12-27 2023-06-30 华为技术有限公司 Communication method, device and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101336554A (en) * 2006-01-04 2008-12-31 诺基亚公司 Secure distributed handover signaling
WO2010105442A1 (en) * 2009-03-20 2010-09-23 深圳华为通信技术有限公司 Method, apparatus and system for generating key evolving parameters
CN101931950A (en) * 2009-06-19 2010-12-29 大唐移动通信设备有限公司 Method, system and device for acquiring key in switching process
CN101953191A (en) * 2008-02-20 2011-01-19 阿尔卡特朗讯美国公司 System and method for performing handovers, or key management while performing handovers in a wireless communication system
CN102215485A (en) * 2010-04-04 2011-10-12 中兴通讯股份有限公司 Method for guaranteeing safety of multi-carrier switching or reconstructing in multi-carrier communication system
CN102340774A (en) * 2010-07-22 2012-02-01 中兴通讯股份有限公司 Key distribution method of handover and system thereof

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5167759B2 (en) * 2007-10-24 2013-03-21 日本電気株式会社 Communication system, communication method, authentication information management server, and small base station
US20090209259A1 (en) * 2008-02-15 2009-08-20 Alec Brusilovsky System and method for performing handovers, or key management while performing handovers in a wireless communication system
CN101616408B (en) * 2008-06-23 2012-04-18 华为技术有限公司 Key derivation method, key derivation device and system
CN113825190A (en) * 2017-05-26 2021-12-21 捷开通讯(深圳)有限公司 Communication switching method and device

Also Published As

Publication number Publication date
WO2020155157A1 (en) 2020-08-06
CN112956236A (en) 2021-06-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant